BugTraq
Intel CPU bug forcing page table switch during syscalls? Jan 03 2018 09:31PM
Pavel Machek (pavel ucw cz)
Hi!

It looks like there's Intel CPU bug, allowing prefetch from kernel
memory. It seems to be reason KASLR patches are pushed so fast to Linux.

https://mobile.twitter.com/brainsmoke/status/948561799875502080/photo/1
https://forums.freebsd.org/threads/63955/page-2#post-371276

Hmm.

Does that mean we can do

u16 *peek_addr = <somewhere into kernel>;
char cacheline1[64];
char cacheline2[64];

wbinvd();

if (*peek_addr == 0x1234)
(volatile char *) cacheline1[0];
else
(volatile char *) cacheline2[0];

Thread will certainly die to SIGSEGV here, but from other thread we
should be able to tell if cacheline1 or cacheline2 is in cache... and
therefore read unreadable memory....?

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlpNS7AACgkQMOfwapXb+vK7qgCfZCTHnDr5zBL1ePfoqvXM6/4s
mXEAoJMYQ/PoUGS4ZMt9LcYjAwktmTnC
=BGX6
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus